Disabling the monzo-token-server

I haven't used this since I wrote it... and now the .tokens attribute is missing
and it's screwing up my other deployment... *sigh*
This commit is contained in:
William Carroll 2020-08-13 22:26:29 +01:00
parent 0b34482b6d
commit 4a836f363b

View file

@ -115,27 +115,25 @@ in {
rootUrl = "https://git.wpcarro.dev/";
};
systemd.services.monzo-token-server = {
enable = true;
description = "Ensure my Monzo access token is valid";
script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
# TODO(wpcarro): I'm unsure of the size of this security risk, but if a
# non-root user runs `systemctl cat monzo-token-server`, they could read the
# following, sensitive environment variables.
environment = {
store_path = "/var/cache/monzo_ynab";
monzo_client_id = readSecret "monzo-client-id";
monzo_client_secret = readSecret "monzo-client-secret";
ynab_personal_access_token = readSecret "ynab-personal-access-token";
ynab_account_id = readSecret "ynab-account-id";
ynab_budget_id = readSecret "ynab-budget-id";
};
serviceConfig = {
Type = "simple";
};
};
# systemd.services.monzo-token-server = {
# enable = true;
# description = "Ensure my Monzo access token is valid";
# script = "${briefcase.monzo_ynab.tokens}/bin/token-server";
# # TODO(wpcarro): I'm unsure of the size of this security risk, but if a
# # non-root user runs `systemctl cat monzo-token-server`, they could read the
# # following, sensitive environment variables.
# environment = {
# store_path = "/var/cache/monzo_ynab";
# monzo_client_id = readSecret "monzo-client-id";
# monzo_client_secret = readSecret "monzo-client-secret";
# ynab_personal_access_token = readSecret "ynab-personal-access-token";
# ynab_account_id = readSecret "ynab-account-id";
# ynab_budget_id = readSecret "ynab-budget-id";
# };
# serviceConfig = {
# Type = "simple";
# };
# };
services.gitDaemon = {
enable = true;